Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Your next step into digital
Our cloud and security services
Cloud Security Strategy Assessment
Product brochure
PRODUCT BROCHURE Cloud Security Strategy Assessment 2
ContentsWhat is a Cloud Security Strategy Assessment?
What’s in it for you?
What’s included in the Cloud Security Strategy Assessment?
Why Vodafone?
PRODUCT BROCHURE 3 Cloud Security Strategy Assessment
Organisations can now consider public, private or hybrid cloud as part of their ongoing IT estate. Vodafone has teams of specialists available to help companies develop world-class security strategies to safeguard data and protect assets in the cloud. Vodafone Security offerings are designed to test and help secure potential security gaps. We guide you through each critical step of building a security-rich cloud posture.
From collecting and reviewing data to creating a strategic security roadmap, the service helps develop security protocols designed for the cloud. This service has been designed to provide a comprehensive approach to helping identify vulnerabilities before a security incident occurs. Security specialists provide the tools needed to create a risk-aware program to help companies in each phase of their security journey.
What is a Cloud Security Strategy Assessment?
Cloud Security Strategy Assessment – Method summary
Delivery phases PHASE 1:
Project initiation
PHASE 2:
Assess
PHASE 3:
Analyse
PHASE 4:
Recommend
Key activities Initiate project, collect and review data
Identify current IT security posture
Define target state Develop project definition and prioritisation
Prepare team and assets
Catalogue enterprise cloud usage
Perform gap analysis Create roadmap
Prepare current state assessment
Prepare executive report
Develop business case
Current state assessment
• Data collection check point
• Project work plan
Current state assessment
• IT cloud security current state
• Security protocols/ workload sensitivity mapping
• Current state assessment
Strategy report
• Target state rating
• Gap analysis
• Cloud security maturity assessment tool
• Cloud security maturity framework
• Strategic assessment
• Executive summary
High level plan
• Project definition and prioritisation
• Roadmap
• High level plan
PRODUCT BROCHURE Cloud Security Strategy Assessment4
What do you use it for?
This proven and comprehensive service helps clients:
• Comply with key regulatory requirements
• Protect confidentially, integrity and availability of your resources and data workloads
• Establish appropriate risk management strategies, no matter the cloud security service model
• Extend controls beyond on-premises environments with governance and assurance
What is the service?
The Cloud Security Strategy Assessment service offers actionable results in four key phases: initiate, analyse, assess and recommend.
• In the first phase of project initiation, security specialists develop a common understanding of the project objectives and roles and responsibilities, and review the cloud security standard to assess and benchmark against
• During the analysis phase, gaps are identified and documented by benchmarking and mapping against pre-defined regulations or standards
• After the analysis, the assessment phase begins, where remediation tasks are prioritised based on expected security maturity
• In the last phase of recommendation, security specialists outline a strategic roadmap for improving the effectiveness of the organisation’s cloud security posture
Within each phase, Vodafone prioritises cloud security scenarios for business-specific security requirements and help improve security controls and mechanisms to support better management of regulatory and industry requirements.
PRODUCT BROCHURE Cloud Security Strategy Assessment5
What’s in it for you?
Security is front of mind in many cloud transformations and migrations, and the service delivers a robust approach to assess and remediate potential security measures. This service delivers cloud transformation with security in mind. Vodafone help guide your cloud approach by implementing security measures from the start to help ensure success and protect your business strategies.
In addition, the service helps companies maintain compliance requirements. Vodafone’s team of security specialists help you expand your compliance efforts to include cloud initiatives and incorporate industry best practices.
Vodafone’s experience, tools and resources help you extend security beyond on-premise environments to achieve greater visibility and mitigate risks in the cloud. It also allows you to assess against any security regulation and standard. Vodafone ensure efficient security in the cloud and provide strategic guidance going forwards. We help you:
• Deal with hundreds of demands to maintain compliance with regulatory laws and policy in the cloud
• Comply with industry security standards, internal security policies and best practices to remain secure in the cloud
PRODUCT BROCHURE Cloud Security Strategy Assessment6
• Security specialists assess an organisation’s cloud-based risks, identify gaps and create a baseline maturity model
• Cloud scenarios and analyses help you identify specific security requirements and conduct a cost-benefit analysis for solutions
• A security roadmap help prioritise actions to secure existing cloud usage and consolidate new service offerings
• Our strategy framework covers the eight core domains that must be addressed by your cloud security strategy:
• Governance
• Metrics and monitoring
• Cloud security optimisation
• Data security
• Application security
• Network and system security
• Secure operations
• Identity and access management
• Business and technology alignment• Regulations• Risk management
• Strategic vision and investment• Accountability
• Value delivery to business• Managing third party providers
• Tracking of virtualised security incidents
• Integrate with business processes• Secure integration with legacy
systems
• Selection/performance of CSP• Managed security-related
risk in the cloud• Security continuity/availability
• Performance of cloud-specific staffing
• Virtualised environment security incidents
• Training on use of cloud (private v. non-private)
• Audit (cloud controls awareness)• Staffing (cloud provider)• Staffing (cloud consumer)
• Diagrams and documentation
• Hypervisor protection• CMDB• Malicious code protection• Performance and capacity
monitoring
• Perimeter protections• Firewall management• Intrusion detection/
prevention• Network traffic
management
• IAM platform architecture
• Access management
• Identity management
• Control monitoring
• IAM process documentation
• Access request• Role management
• Access reviews• Structure• Sourcing• Staffing• Education• Role definition
• Efficiency• Process capability• Quality• Cost• IAM operations• Security policy
• Strategy• Cost models• Program
governance• Executive• Sponsorship
• Capacity modelling and management
• Provisioning and de-provisioning
• Segregation of duties (SoD)
• Incident response• Secure provisioning of
IaaS, PaaS or SaaS• Secure architectural
agility, flexibility and availability
• Asset management and disposal
• Security audit
• Cloud provider selection• Logging and monitoring• Security patching• Penetration testing• Policies and standards• Security risk assessment
and management• Threat and vulnerability
management
• Source code control• Virtual Image Security• SDLC• Team security awareness• Third party testing
• Encryption• Data classification• Data models/flows• Data ownership• Data access
What’s included in the Cloud Security Strategy Assessment?
IBM’s assessment frameworkGovernance
Metrics
Cloud security optimisation
Network and system security
Identity and access management
Secure operations
Data security Application security
PRODUCT BROCHURE Cloud Security Strategy Assessment7
Vodafone Group is one of the world’s largest telecommunications companies and provides a range of services including voice, messaging, data and fixed communications. Vodafone Group has mobile operations in 25 countries, partners with mobile networks in 42 more and fixed broadband operations in 19 markets. As of 31 December 2018, Vodafone Group had approximately 700 million mobile customers and 21 million fixed broadband customers, including all of the customers in Vodafone’s joint ventures and associates.
By connecting people, places and things, Vodafone Business helps businesses of all sizes to succeed in a digital world. Our expertise in connectivity, together with our leading IoT platform, multi-cloud solutions, digital services and global scale, delivers the results customers need to help them progress and thrive. We are a trusted partner to businesses of all sectors and public services around the world, and work side by side with them to understand the unique challenges they face and the goals they want to achieve.
For more information, please visit: www.vodafone.com/business
Why Vodafone?
www.vodafone.com/businessVodafone Group 2019. This document is issued by Vodafone in confidence and is not to be reproduced in whole or in part without the express, prior written permission of Vodafone. Vodafone and the Vodafone logos are trademarks of the Vodafone Group. Other product and company names mentioned herein may be the trademark of their respective owners. The information contained in this publication is correct at the time of going to print. Any reliance on the information shall be at the recipient’s risk. No member of the Vodafone Group shall have any liability in respect of the use made of the information. The information may be subject to change. Services may be modified, supplemented or withdrawn by Vodafone without prior notice. All services are subject to terms and conditions, copies of which may be provided on request.
Next steps
If you want to discover more about the Cloud Security Strategy Assessment, please contact your Account Manager.